9cd30e8650
Ensure partition is used for SAN validation
2021-09-15 17:23:48 -06:00
9f12fbd3cc
ACL Binding Rules table partitioning ( #11044 )
...
* ACL Binding Rules table partitioning
Signed-off-by: Mark Anderson <manderson@hashicorp.com>
2021-09-15 13:26:08 -07:00
02051c141e
auto-updated agent/uiserver/bindata_assetfs.go from commit fc14a412f
2021-09-15 18:55:29 +00:00
0eb4a98fab
auto-updated agent/uiserver/bindata_assetfs.go from commit b16a6fa03
2021-09-15 17:14:42 +00:00
af21578039
use const instead of literals for `tableIndex` ( #11039 )
2021-09-15 10:24:04 -04:00
6be54052f7
Refactor `indexAuthMethod` in `tableACLBindingRules` ( #11029 )
...
* Port consul-enterprise #1123 to OSS
Signed-off-by: Mark Anderson <manderson@hashicorp.com>
* Fixup missing query field
Signed-off-by: Mark Anderson <manderson@hashicorp.com>
* change to re-trigger ci system
Signed-off-by: Mark Anderson <manderson@hashicorp.com>
2021-09-15 09:34:19 -04:00
ce04ce13dd
Merge pull request #11024 from hashicorp/partitions/rbac
2021-09-14 11:18:19 -06:00
e18f3c1f6d
Update error texts ( #11022 )
...
Co-authored-by: Daniel Nephin <dnephin@hashicorp.com>
2021-09-14 11:08:06 -06:00
d90e30f009
Update spiffe ID patterns used for RBAC
2021-09-14 11:00:03 -06:00
5e54f253d7
Expand testing of simplifyNotSourceSlice for partitions
2021-09-14 10:55:15 -06:00
19da23be28
Expand testing of removeSameSourceIntentions for partitions
2021-09-14 10:55:09 -06:00
beab0cd962
Account for partition when matching src intentions
2021-09-14 10:55:02 -06:00
1f9479603c
Add failures_before_warning to checks ( #10969 )
...
Signed-off-by: Jakub Sokołowski <jakub@status.im>
* agent: add failures_before_warning setting
The new setting allows users to specify the number of check failures
that have to happen before a service status us updated to be `warning`.
This allows for more visibility for detected issues without creating
alerts and pinging administrators. Unlike the previous behavior, which
caused the service status to not update until it reached the configured
`failures_before_critical` setting, now Consul updates the Web UI view
with the `warning` state and the output of the service check when
`failures_before_warning` is breached.
The default value of `FailuresBeforeWarning` is the same as the value of
`FailuresBeforeCritical`, which allows for retaining the previous default
behavior of not triggering a warning.
When `FailuresBeforeWarning` is set to a value higher than that of
`FailuresBeforeCritical it has no effect as `FailuresBeforeCritical`
takes precedence.
Resolves: https://github.com/hashicorp/consul/issues/10680
Signed-off-by: Jakub Sokołowski <jakub@status.im>
Co-authored-by: Jakub Sokołowski <jakub@status.im>
2021-09-14 12:47:52 -04:00
b4d5860197
convert expiration indexed in ACLToken table to use `indexerSingle` ( #11018 )
...
* move intFromBool to be available for oss
* add expiry indexes
* remove dead code: `TokenExpirationIndex`
* fix remove indexer `TokenExpirationIndex`
* fix rebase issue
2021-09-13 14:37:16 -04:00
11f44dfcf8
add locality indexer partitioning ( #11016 )
...
* convert `Roles` index to use `indexerSingle`
* split authmethod write indexer to oss and ent
* add index locality
* add locality unit tests
* move intFromBool to be available for oss
* use Bool func
* refactor `aclTokenList` to merge func
2021-09-13 11:53:00 -04:00
ba4ee6e67c
convert `indexAuthMethod` index to use `indexerSingle` ( #11014 )
...
* convert `Roles` index to use `indexerSingle`
* fix oss build
* split authmethod write indexer to oss and ent
* add auth method unit tests
2021-09-10 16:56:56 -04:00
b38e84df63
Include namespace and partition in error messages when validating ingress header manip
2021-09-10 21:11:00 +01:00
1079089f20
Refactor HTTPHeaderModifiers.MergeDefaults based on feedback
2021-09-10 21:11:00 +01:00
9e4e204e96
Fix enterprise test failures caused by differences in normalizing EnterpriseMeta
2021-09-10 21:11:00 +01:00
3004eadd08
Fix enterprise discovery chain tests; Fix multi-level split merging
2021-09-10 21:11:00 +01:00
b5ae00d753
Remove unnecessary check
2021-09-10 21:09:24 +01:00
f1c0876b4c
Fix discovery chain test fixtures
2021-09-10 21:09:24 +01:00
1b9632531a
Integration tests for all new header manip features
2021-09-10 21:09:24 +01:00
e22cc9c53a
Header manip for split legs plumbing
2021-09-10 21:09:24 +01:00
83fc8723a3
Header manip for service-router plumbed through
2021-09-10 21:09:24 +01:00
f439dfc04f
Ingress gateway header manip plumbing
2021-09-10 21:09:24 +01:00
d776a2d236
Add HTTP header manip for router and splitter entries
2021-09-10 21:09:24 +01:00
46e4041283
Header manip and validation added for ingress-gateway entries
2021-09-10 21:09:24 +01:00
6cac30aa22
convert `Roles` index to use `indexerMulti` ( #11013 )
...
* convert `Roles` index to use `indexerMulti`
* add role test in oss
* fix oss to use the right index func
* preallocate slice
2021-09-10 16:04:33 -04:00
f3f0654038
convert indexPolicies in ACLTokens table to the new index ( #11011 )
2021-09-10 14:57:37 -04:00
584faec6e3
convert indexSecret to the new index ( #11007 )
2021-09-10 09:10:11 -04:00
6e6cf1c043
convert indexAccessor to the new index ( #11002 )
2021-09-09 16:28:04 -04:00
13238dbab6
tls: consider presented intermediates during server connection tls handshake. ( #10964 )
...
* use intermediates when verifying
* extract connection state
* remove useless import
* add changelog entry
* golint
* better error
* wording
* collect errors
* use SAN.DNSName instead of CommonName
* Add test for unknown intermediate
* improve changelog entry
2021-09-09 21:48:54 +02:00
9bbfa048a2
Sync enterprise changes to oss ( #10994 )
...
This commit updates OSS with files for enterprise-specific admin partitions feature work
2021-09-08 11:59:30 -04:00
a14950025a
Merge pull request #10984 from hashicorp/mesh-resource
...
acl: adding a new mesh resource
2021-09-07 15:06:20 -07:00
bc0e4f2f46
partition dicovery chains ( #10983 )
...
* partition dicovery chains
* fix default partition for OSS
2021-09-07 16:29:32 -04:00
ee372a854a
acl: adding a new mesh resource
2021-09-03 09:12:03 -04:00
ced8329d80
try to infer command partition from node partition ( #10981 )
2021-09-03 08:37:23 -04:00
09197c989c
add partition to SNI when partition is non default ( #10917 )
2021-09-01 10:35:39 -04:00
8d83d27674
connect: update envoy supported versions to latest patch release
...
(#10961 )
Relevant advisory:
https://github.com/envoyproxy/envoy/security/advisories/GHSA-6g4j-5vrw-2m8h
2021-08-31 10:39:18 -06:00
79c7e73618
rpc: authorize raft requests ( #10925 )
2021-08-26 15:04:32 -07:00
cd3333ad6a
auto-updated agent/uiserver/bindata_assetfs.go from commit eeeb91bea
2021-08-26 18:13:08 +00:00
1a9b2f09dd
ent->oss test fix ( #10926 )
2021-08-26 14:06:49 -04:00
2d66c4ea13
auto-updated agent/uiserver/bindata_assetfs.go from commit a907e1d87
2021-08-26 18:02:18 +00:00
a163051dbb
auto-updated agent/uiserver/bindata_assetfs.go from commit a0b0ed2bc
2021-08-26 16:06:09 +00:00
45dcc8b553
api: expose upstream routing configurations in topology view ( #10811 )
...
Some users are defining routing configurations that do not have associated services. This commit surfaces these configs in the topology visualization. Also fixes a minor internal bug with non-transparent proxy upstream/downstream references.
2021-08-25 15:20:32 -04:00
a6d22efb49
acl: some acl authz refactors for nodes ( #10909 )
2021-08-25 13:43:11 -05:00
11b1dc1f97
auto-updated agent/uiserver/bindata_assetfs.go from commit a777b0a9b
2021-08-25 13:46:51 +00:00
5e31421602
auto-updated agent/uiserver/bindata_assetfs.go from commit 8192dde48
2021-08-25 11:39:14 +00:00
5b6d96d27d
grpc: ensure that streaming gRPC requests work over mesh gateway based wan federation ( #10838 )
...
Fixes #10796
2021-08-24 16:28:44 -05:00
freddygv
Mark Anderson
hc-github-team-consul-core
Dhia Ayachi
Freddy
Daniel Nephin
Paul Banks
Hans Hasselberg
Chris S. Kim
Kyle Havlovitz
R.B. Boyer
Evan Culver
R.B. Boyer